Facebook’s dark ads problem is systemic

Facebook’s admission to the UK parliament this week that it had unearthed unquantified thousands of dark fake ads after investigating fakes bearing the face and name of well-known consumer advice personality, Martin Lewis, underscores the massive challenge for its platform on this front. Lewis is suing the company for defamation over its failure to stop bogus ads besmirching his reputation with their associated scams.

Enhancing Pwned Passwords Privacy by Exclusively Supporting Anonymity

When I launched Pwned Passwords in August, I honestly didn’t know how much it would be used. I made 320M SHA-1 password hashes downloadable and also stood up an API to query the data “as a service” by either a plain text password or a SHA-1 hash. (Incidentally, for anyone about to lose their mind over SHA-1, read that launch post as to why that hashing algorithm is used.) But the service did become quite popular, although that was just the beginning…

Why Are You Still Using IE? Double Kill Is Just the Latest Issue

Microsoft’s legacy browser Internet Explorer (IE) has been used for almost three decades, but not without issues. IE has been so plagued with security problems that Microsoft built a new, more secure browser called Edge. But there are still some issues. Edge’s forward-leaning technology doesn’t support some of IE’s legacy capabilities. For that reason, IE still comes installed on all Windows operating systems. So, once again, IE has been exploited by attackers, as discovered and observed in the wild by the Chinese security firm Qihoo 360. They’re calling this new zero-day vulnerability Double Kill. The firm believes this is an advanced persistent threat (APT) aimed at achieving ongoing access to targeted systems.

IDG Contributor Network: Redefining mission critical systems in the world of analytics-driven security

IT and security infrastructure are at a crossroads. With the current technological advancements in cloud, IoT and the “as a Service” model, there is a continued blurring of where one product, service or platform ends and another begins. With the introduction of the cloud began the slow erosion of the classic network perimeter. Now IoT is taking it to a new level by connecting a diverse set of systems into the mix. Widespread adoption of these technologies ultimately begs the question: what is a mission critical system?

Security Trade-Offs in the New EU Privacy Law

On two occasions this past year I’ve published stories here warning about the prospect that new European privacy regulations could result in more spams and scams ending up in your inbox. This post explains in a question and answer format some of the reasoning that went into that prediction, and responds to many of the criticisms leveled against it.

What is a Cybersecurity Technology Platform Anyway?

At last week’s RSA Conference, you couldn’t walk more than 10 feet on the show floor without a security vendor pitching you on its technology “platform.” Yup, Check Point, Cisco, FireEye, Forcepoint, Fortinet, McAfee, Palo Alto Networks, Symantec, Trend Micro, Webroot, and lots of others are now busy pitching platforms and will continue to do so.

A Most Elegant Solution

Colonizing Mars is usually coded either as a grand ambition for humanity, the next Moon landing, or an escape hatch for a species on the brink, a plan B for a people spoiling their planet with climate change, war, etc. Yet we haven’t given much thought to the unintended consequences of the technologies that might make either leap possible. Today’s dispatch does exactly that. Enjoy -the eds

We’re not going on a summer holiday

You know the saying: “If it ain’t broke, don’t fix it.” Cybercriminals seem to have taken that truism to heart, because they continue to reuse the same old scams — and they never fail to find victims. Last summer, social media worldwide were flooded with reposts of fake airline giveaways. We covered it at the time, but as the new holiday season approaches, the same posts are popping up again, with very minor changes.

This Week in Security News: Fines and Funding

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, the SEC paid $35 million in fines following the 2014 breach, in which Russian hackers obtained the information of 500 million users. In addition, IoT research revealed 64 percent of broadband households are concerned about data privacy.